[pkg] Layout features inactive on Windows without DSIG table
Bug #655462 reported by Paul Sladen
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu Font Family | Confirmed | Low | Unassigned |
Bug Description
Signed .ttf files are based on the hash of the whole font minus 'DSIG' table and with a zeroed checksum. The 'DSIG' table is then added and a PKCS#7 signature stored in this table:
http://
The implementation would probably need to be validated against current tools:
http://
Changed in ubuntu-font-family:
importance: Undecided → Wishlist
milestone: none → 1.00
status: New → Confirmed
summary:
- [pkg] Digitally sign .ttf releases
+ [pkg] Layout features inactive on Windows without DSIG table
Changed in ubuntu-font-family:
status: Incomplete → Confirmed
Would this have any tangible benefit? <http://www.microsoft.com/typography/developers/dsig/default.htm> says "The way in which future Microsoft operating systems will deal with signed and unsigned fonts, is still being decided ... this page was last updated 7 November 2001".
Similarly, <http://www.adobe.com/devnet/opentype/afdko/topic_digital_sig_guide.html> lists "Secure identification" and "Guarantee of no tampering" and "it seems probable that future versions of some operating systems will offer users the option of installing only digitally signed, and hence trusted, components", on a page that is undated but tells you to "Put a floppy disk in your Windows system drive A:". Heh.
I do see that "For bad and arbitrary reasons, OT/TTF fonts with layout features are only recognized as such in Windows if they have a DSIG (digital signature) table. Without this table, they behave as normal TTF fonts (i.e., none of the layout features work). This is not true of OT/CFF fonts, which need no DSIG table." <http://typedrawers.com/discussion/192/making-ot-ttf-layout-features-work-in-ms-word-2010> But that page goes on to say that a dummy (signature-less) DSIG table works perfectly well, and provides instructions on how to add it. That is something that could be included in the packaging process.
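A packaging-time check for the situation discussed in the comment above, as an added example that is not part of the original bug report or the Ubuntu Font Family build: it reads the sfnt table directory and reports whether a 'DSIG' table is missing, is a dummy with zero signatures, or carries a signature record. The function names and the constructed sample font are assumptions for illustration; "signed" only means a signature record is present, not that its PKCS#7 data verifies.

```python
import struct

# OpenType DSIG header: uint32 version, uint16 numSignatures, uint16 flags.
DUMMY_DSIG = struct.pack(">IHH", 1, 0, 0)  # version 1, zero signatures, flags 0


def read_table_directory(font: bytes) -> dict:
    """Map table tag -> (offset, length) from an sfnt (TrueType/OpenType) header."""
    if len(font) < 12:
        raise ValueError("too short for an sfnt header")
    num_tables = struct.unpack_from(">H", font, 4)[0]
    if len(font) < 12 + 16 * num_tables:
        raise ValueError("table directory is truncated")
    tables = {}
    for i in range(num_tables):
        tag, _checksum, offset, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if offset + length > len(font):
            raise ValueError(f"table {tag!r} runs past end of file")
        tables[tag.decode("latin-1")] = (offset, length)
    return tables


def dsig_status(font: bytes) -> str:
    """Return 'missing', 'dummy' (no signatures) or 'signed' (>= 1 signature record)."""
    tables = read_table_directory(font)
    if "DSIG" not in tables:
        return "missing"
    offset, length = tables["DSIG"]
    if length < 8:
        raise ValueError("DSIG table shorter than its 8-byte header")
    _version, num_sigs, _flags = struct.unpack_from(">IHH", font, offset)
    return "signed" if num_sigs else "dummy"


def build_sample_font(tables: dict) -> bytes:
    """Constructed test input: sfnt header + directory + table data (checksums left 0)."""
    header = struct.pack(">IHHHH", 0x00010000, len(tables), 0, 0, 0)
    offset = 12 + 16 * len(tables)
    directory, body = b"", b""
    for tag, data in sorted(tables.items()):
        directory += struct.pack(">4sIII", tag.encode(), 0, offset, len(data))
        padded = data + b"\0" * (-len(data) % 4)  # tables are 4-byte aligned
        body += padded
        offset += len(padded)
    return header + directory + body
```

A release script could fail the build when `dsig_status()` returns `"missing"` for a .ttf that ships layout features.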